Federated learning-based cyber threat hunting for APT attack detection in SDN-enabled networks

20:56 05/09/2022

Threat hunting is the action of seeking harmful actors lurking in the network or the system in the early stage with the assumption of attackers already broke the cy-ber defense solution. This defense solution requires collecting more knowledge inside and outside to search potential threats in each organization. To leverage the knowledge of multiple organizations and experts for cyber threat detection, there is a need for the collaboration without breaking data among data owners across the cybersecurity community. Meanwhile, Software Defined Networking (SDN) is the flexible and programmable network architecture, which enables network administrator to proactively enforce the security policy in the large-scale network. Obviously, it can help organizations to enforce dynamically threat hunting services. Thus, this work introduces a federated learning (FL) approach for cyber threat hunting in SDN-enabled networks to deploy a proactive APT attack detection and response by leveraging threat intelligence from collaborative parties. Our approach can enrich the outcome of machine learning (ML)-based or deep learning (DL)-based threat detectors in recognizing malicious indicators. The experimental results on NF-UQ-NIDS dataset and FedPlus model aggregation algorithm demonstrate the feasibility of FL-based cyber threat hunting with privacy preservation among data holders in SDN context.

Penetration testing is one of the most common methods for assessing the security of a system, application, or network. Although there are different support tools with great efficiency in this field, penetration testing is done mostly manually and relies heavily on the experience of the ethical hackers who are doing...
Software-defined networking (SDN) is a potential approach for modern network architecture, which has received great attention recently. SDN-based networks also face security issues, and they can become targets of cyberattacks. Cyber threat hunting is one of the security solutions proposed for early attack detection in SDN. Developing machine learning-based IDS...